hckrnws

I've not come across Genode before but it looks cool. Is anyone using this as a primary OS? Can anyone comment on the usability?

The developers have been using it as their primary OS for years, now.

It has 3d acceleration. It has a modern webbrowser. It has virtualbox, where you can run Linux to then run any misc program which doesn't in Genode yet.

If they liked working on Qt, I wonder why they didn't consider porting Sailfish Browser - https://github.com/sailfishos/sailfish-browser - based on Gecko?

Genode is awesome in general.

Can you expand on that? Why? What’s cool?

It’s a multiserver OS on top of a microkernel, what almost everyone in the academic community of the 90s assumed would be the future of single-computer systems (see e.g. the Tanenbaum—Torvalds debate[1]). The security framework at runtime is capabilities[2,3] (“object-capabilities”, not the weird draft POSIX thing) as opposed to ACLs; that is, you can access an object to the exact extent that you can name it, and those names are system-mediated and unforgeable (POSIX fds are capabilities; POSIX filenames are not; public Google Docs links kind of are in that it’s infeasible to guess them).

Basically, this is mainstream thinking as of the last point researchers seriously thought about single-machine OSes, sometime in the early 00s. And unlike most products of that thinking, it’s a fairly complete desktop system that can do a fair amount of desktop things. At the very least, it’s a proof by construction that this approach can actually serve as the foundation for a practical system.

(Hardware support sucks, of course, but with hardware manufacturers guarding their docs more closely than their genitals it’s a miracle you can actually get any PCs to work at all without Microsoft’s clout.)

[1] https://www.oreilly.com/openbook/opensources/book/appa.html

[2] http://cap-lore.com/CapTheory/

[3] http://erights.org/elib/capability/index.html

> hardware manufacturers guarding their docs more closely than their genitals

That's a magnificent turn of phrase and I shall now be on the lookout for an excuse to use it myself.

About Genode: https://genode.org/about/index

General overview: https://genode.org/documentation/general-overview/index

> Genode is based on a recursive system structure. Each program runs in a dedicated sandbox and gets granted only those access rights and resources that are needed for its specific purpose. Programs can create and manage sub-sandboxes out of their own resources, thereby forming hierarchies where policies can be applied at each level. The framework provides mechanisms to let programs communicate with each other and trade their resources, but only in strictly-defined manners. Thanks to this rigid regime, the attack surface of security-critical functions can be reduced by orders of magnitude compared to contemporary operating systems.

The architecture. I do not know any other examples of modular dynamic systems based on capabilities.

Genode does it successfully, and the formally verified seL4 microkernel is one of the kernels they support.

The systems most of us use are now legacy, as Genode proves it can be done fundamentally better.

Fuchsia/Zircon is the other notable one.

HURD and Plan 9 are one step in this direction but with less focus on capability-based security.

https://en.wikipedia.org/wiki/Plessey_System_250